Tonight (22/10/19-26/10/19) the following updated packages are being released:

  • app-dhcp - update the MAC database
  • app-smtp - enable the STARTTLS server on port 587; allow postfix to send encrypted e-mails (keeps Google happy and enhances security)
  • app-base - the script to update the exclude lines in the repos was failing if you were trying to remove the last item
  • clearos-release - remove samba from the exclude lines for clearos-centos-fasttrack and clearos-centos-updates in the initial file - This may get pulled because of a problem with the build system.
  • kmod-r8168 - update following upstream
  • app-storage - lots of updates
  • app-nextcloud/nextcloud* - to upstream Nextcloud 16

Openldap and cyrus-imapd, released to the Community last week, are being pushed into Business and Home.

* = the package is also being released to Business at the same time.

Packages available for testing

  • nextcloud - update to 16.x. Details in this thread.
  • app-kopano - update underlying Kopano package to 8.7.5. The update is complete and available for testing for anyone with a valid kopano licence only. Details are in this post and the preceding one. This is waiting for 8.5.8 to be pushed to general release before 8.7.5 can go into proper testing.
  • app-network - code merge complete.

    • Now allows you to set up Wireless and Cellular interfaces. You will also need app-wireless to configure a NIC as an access point. Otherwise manual configuration is then needed for WiFi and Cellular devices.
    • I've tweaked it for kernel mode PPPoE (much faster and lower resources). For the moment we are not forcibly converting PPPoE interfaces over, but if you edit an interface it will switch to kernel mode.
    • Hides irrelevant interfaces from app-network-report such as docker0, veth* and ifb*.
    • Numerous other changes since last 2.6.0
    • Do not use the update if you use VLANs on external interfaces.


Unless detailed otherwise, packages available for testing can be installed with:
yum update --enablerepo=clearos-updates-testing {package-name}

Packages being worked on:

  • app-storage
  • app-network - trying to sort out configuring external interfaces on a VLAN.
Tuesday, October 22 2019, 03:48 PM
Responses (13)
  • Accepted Answer

    Thursday, October 24 2019, 04:25 PM - #Permalink
    Resolved
    0 votes
    Another build of app-smtp is being pushed. The one released on Tuesday could cause an issue with /etc/postfix/master.cf if anyone's smtps "line" was split over more than one line. This may be due to manual tweaking of the file because a current installation will always have it as one line. The new build fixes the issue it may have caused, or, for people who have not updated yet, will do the update safely.
  • Accepted Answer

    Thursday, October 24 2019, 02:24 PM - #Permalink
    Resolved
    0 votes
    A couple of things. I think your ppickup is a typo and should read pickup.

    I have now pushed a fix which, on systems already patched, will remove the submission line and insert it before the pickup line to fix anything I've broken. Then, on unpatched systems (i.e. Home and Business) it inserts the line before the pickup line directly.
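The repair described in the reply above, as an added example that is not the app-smtp package's own script: it shows how a one-line insert after a split smtps entry captures that entry's continuation lines, and how moving the submission entry in front of pickup undoes it. The function names and the sample file are constructed for illustration; the submission line is the one quoted in this thread.

```shell
#!/bin/sh
# Added example (not the app-smtp package script). Function names are hypothetical.
SUBMISSION='submission inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_security_level=may -o smtpd_client_restrictions=permit_sasl_authenticated,reject'

# Print the logical entry for service $2 in file $1, joining continuation
# lines (lines starting with whitespace) onto the entry above, as Postfix does.
logical_entry() {
    awk -v svc="$2" '
        /^[ \t]*(#|$)/ { next }                       # comments and blank lines
        /^[ \t]/ { sub(/^[ \t]+/, ""); cur = cur " " $0; next }
        { if (name == svc) print cur; name = $1; $1 = $1; cur = $0 }
        END { if (name == svc) print cur }
    ' "$1"
}

# Drop a one-line submission entry (options on the same line, the form the
# update wrote) wherever it landed, then insert it once directly before the
# pickup entry. Assumption: a submission line without inline -o options is
# the admin's own entry, which is kept, and nothing is inserted.
fix_master_cf() {
    tmp=$(mktemp) || return 1
    awk -v entry="$SUBMISSION" '
        NR == FNR { if (/^submission[ \t]+inet[ \t]/ && !/[ \t]-o[ \t]/) own = 1; next }
        /^submission[ \t]+inet[ \t].*[ \t]-o[ \t]/ { next }
        /^pickup[ \t]/ && !own && !done { print entry; done = 1 }
        { print }
    ' "$1" "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps owner, mode and SELinux label
    rc=$?; rm -f "$tmp"; return $rc
}

# Constructed sample: smtps split over several lines, with the submission
# entry inserted straight after its first line.
write_damaged_sample() {
    cat > "$1" <<EOF
smtp      inet  n       -       n       -       -       smtpd
smtps     inet  n       -       n       -       -       smtpd
$SUBMISSION
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
pickup    fifo  n       -       n       60      1       pickup
EOF
}
```

Comparing `logical_entry FILE smtps` before and after `fix_master_cf FILE` shows the wrapper-mode option returning from the submission entry to the smtps entry; Postfix still needs a reload to pick up the edited master.cf.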
  • Accepted Answer

    Thursday, October 24 2019, 01:51 PM - #Permalink
    Resolved
    0 votes
    How about delete all between smtp and ppickup and replace with my lines - that should at least minimise any damage?
  • Accepted Answer

    Thursday, October 24 2019, 01:17 PM - #Permalink
    Resolved
    0 votes
    Yes for inserting the line before another line and the sed command is easier. A bit harder is to fix any damage caused. I'm working on it.
  • Accepted Answer

    Thursday, October 24 2019, 12:45 PM - #Permalink
    Resolved
    0 votes
    Easier option would be to search for the next line, and insert above.

    The advantage of the multi-line option is that it's easier to figure out what the current settings are.

    Might be worth putting out a 'sticky' post identifying the possible cause of a 'breakage' in case others get hit.
  • Accepted Answer

    Thursday, October 24 2019, 12:40 PM - #Permalink
    Resolved
    0 votes
    Yuck and double-yuck.

    It was not missing a (. It was there with a : before it but the stupid forum converts it to a smiley and then ignores it. :( I have no idea how to put in that text combination.

    The other issue is that you've possibly been tinkering or there is an old default setup. Normally the smtps line is on one line so I searched for the "smtps[[:space]]inet" and inserted on the line after it. Retrospectively it would have been safer to insert before it but I did not take into account the option that the user may have edited the line and split it. It is a bit late to pull the update and tough to fix for users I've messed up, but easy to fix for new updates. I'll have to think about it.
  • Accepted Answer

    Thursday, October 24 2019, 11:54 AM - #Permalink
    Resolved
    0 votes
    smtp      inet  n       -       n       -       -       smtpd
    smtps inet n - n - - smtpd
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
    ppickup fifo n - n 60 1 pickup

    The options are missing from your update - or more to the point, I *think* you split them from the 'smtps' line.

    Here's what I think it should be;
    smtp      inet  n       -       n       -       -       smtpd
    smtps inet n - n - - smtpd
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
    submission inet n - n - - smtpd
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_tls_security_level=may
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    ppickup fifo n - n 60 1 pickup

    and suggest adding 'permit_mynetworks' to the client restrictions.

    tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1597/master
    tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 1597/master
    tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 1597/master
    tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 1597/master

    BTW - missing a '(' :)
  • Accepted Answer

    Thursday, October 24 2019, 10:15 AM - #Permalink
    Resolved
    0 votes
    Unfortunately it would be naughty to disable 465 even though I don't like it. As it has been available in ClearOS it is in some of our HowTo's as it has worked out of the box and I know we have customers using it. The best we could possibly do is not include it in new installs.

    I'd love to know how yours stopped working. Can you give me those lines from master.cf? Also what do you get from:
    netstat -npl | egrep ':(25|465|587)\s'
  • Accepted Answer

    Thursday, October 24 2019, 09:41 AM - #Permalink
    Resolved
    0 votes
    To be honest, I can't remember exactly what I did to get 465 working, it was over a year ago .. but that was only because 587 wasn't working. The latter is better as 465 has been deprecated as an SMTPS (and the port has actually been reassigned). 465 is now actually 'URL Rendezvous Directory for SSM' - nothing to do with email. I was only using it as I wanted authenticated access to the mail server (to combat hackers), but was unable to use 587.

    If truth be known, it would be better if you DON'T enable 465 for SMTPS - it was revoked back in 1998(!) .. anyone using COS as a mail server is highly unlikely to be using clients old enough to warrant allowing its use in a modern mail server (it's normally only supported in servers to support old email clients). And it's no longer an accepted standard for SMTP.

    I'm actually much happier now that 587 is working correctly. My biggest problem was that I suddenly noticed that my client had 2 emails sitting in the outbox; that was the first indication that something had changed, but with no obvious indication why.
  • Accepted Answer

    Thursday, October 24 2019, 08:52 AM - #Permalink
    Resolved
    0 votes
    When testing, if I switch my client to smtps/465 and close incoming port 587 I can send. Similarly if I put my client back to starttls/587 and close incoming port 465 I can send. I am not sure what else I can do to test.
  • Accepted Answer

    Thursday, October 24 2019, 08:24 AM - #Permalink
    Resolved
    0 votes
    That is not good. All I did to master.cf was add a line to enable port 587 (the "submission" line) straight after the smtps line. You should have:
    smtp      inet  n       -       n       -       -       smtpd
    smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
    submission inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_security_level=may -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    pickup .........
    Please can you let me know what you have?

    [edit]
    A line should not have been added if one already existed.
    Both 465 and 587 should now be working.
    [/edit]
  • Accepted Answer

    Thursday, October 24 2019, 07:59 AM - #Permalink
    Resolved
    0 votes
    AAGGGHHH! That's just broken my SMTP server. What -exactly- changes have been done? - especially to master.cf?

    EDIT: Ok, never mind: have managed to switch everything over to 587 (was previously making use of 465 for TLS/SSL).
    Incidentally; one oddity is that eM Client uses the 'use SSL/TLS on special port (legacy)' setting for 587 with COS, and not the 'use' or 'force' options (which I would expect). I'm not sure if this is a COS 'issue' or eM Client 'issue'. Pre-this change, with 587 not working, I had to use 465 (which is why everything broke(!)). Need to check that my smartphone also still works ...
  • Accepted Answer

    Tuesday, October 22 2019, 08:35 PM - #Permalink
    Resolved
    0 votes
    Adding app-nextcloud/nextcloud.

    Possibly not releasing clearos-release due to an issue with the build system.